Main Vulnerability Database SB2025090301

SB2025090301 - Fedora 44 update for glycin, rust-ashpd, rust-ashpd0.11, rust-glycin, rust-glycin-common, rust-glycin-utils, rust-gufo, rust-gufo-common, rust-gufo-exif, rust-gufo-jpeg, rust-gufo-png, rust-gufo-tiff, rust-gufo-webp, rust-gufo-xmp

Published: September 3, 2025

Security Bulletin ID SB2025090301

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Neutralization of Escape, Meta, or Control Sequences (CVE-ID: CVE-2025-58160)

The vulnerability allows a remote attacker to poison application logs.

The vulnerability exists due to improper validation of ANSI characters. A remote attacker can pass specially crafted input containing ANSI escape sequences and perform log poisoning.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2025-bb172624a9

Vulnerable Software

Fedora: 44
rust-gufo-xmp: before 0.3.0-1.fc44
rust-gufo-webp: before 0.3.0-1.fc44
rust-gufo-tiff: before 0.3.0-1.fc44
rust-gufo-png: before 0.3.0-1.fc44
rust-gufo-jpeg: before 0.3.0-1.fc44
rust-gufo-exif: before 0.3.0-1.fc44
rust-gufo-common: before 1.0.1-1.fc44
rust-gufo: before 0.3.0-1.fc44
rust-glycin-utils: before 4.0.0~rc-1.fc44
rust-glycin-common: before 1.0.0~rc-1.fc44
rust-glycin: before 3.0.0~rc-2.fc44
rust-ashpd0.11: before 0.11.0-1.fc44
rust-ashpd: before 0.12.0-1.fc44
glycin: before 2.0~rc-1.fc44

SB2025090301 - Fedora 44 update for glycin, rust-ashpd, rust-ashpd0.11, rust-glycin, rust-glycin-common, rust-glycin-utils, rust-gufo, rust-gufo-common, rust-gufo-exif, rust-gufo-jpeg, rust-gufo-png, rust-gufo-tiff, rust-gufo-webp, rust-gufo-xmp

Breakdown by Severity

Description

Remediation

References

Please verify you're human